- 29 Oct, 2019 11 commits
-
-
GitLab Release Tools Bot authored
Labels visible despite no access to issues & repositories See merge request gitlab/gitlabhq!3409
-
GitLab Release Tools Bot authored
Project path reveals labels from Private project if the issue is moved to public project See merge request gitlab/gitlabhq!3419
-
GitLab Release Tools Bot authored
Require Maintainer permission on group where project is transferred to See merge request gitlab/gitlabhq!3420
-
GitLab Release Tools Bot authored
Sanitize search text to prevent XSS See merge request gitlab/gitlabhq!3453
-
GitLab Release Tools Bot authored
Private/internal repository enumeration via bruteforce on a vulnerable URL See merge request gitlab/gitlabhq!3454
-
GitLab Release Tools Bot authored
Only assign merge params when allowed See merge request gitlab/gitlabhq!3458
-
GitLab Release Tools Bot authored
Pass all wiki markup formats through our Banzai pipeline filters See merge request gitlab/gitlabhq!3461
-
GitLab Release Tools Bot authored
Mask sentry auth token See merge request gitlab/gitlabhq!3462
-
GitLab Release Tools Bot authored
Use the '\A' and '\z' regex anchors in `InternalRedirect` to mitigate an Open Redirect issue. Closes #2934 See merge request gitlab/gitlabhq!3466
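The anchor change in the commit above is easy to misread as cosmetic. The following is an added example, not code from GitLab's `InternalRedirect`, showing why `^`/`$` are the wrong anchors for a "local path only" check in Ruby and what `\A`/`\z` change. The path pattern and the `safe_redirect_path` helper are assumptions for illustration, not the project's real implementation.

```ruby
# Added example, not GitLab's own code: why `^`/`$` are unsafe anchors for a
# "local path only" redirect check in Ruby, and what `\A`/`\z` change.
#
# In Ruby regexes `^` and `$` match at the start and end of ANY LINE, so a
# multi-line value can satisfy a `^...$` check on one line while carrying an
# external URL on another. `\A` and `\z` anchor to the start and the absolute
# end of the whole string, and `.` does not cross a newline, so the value as a
# whole must look like a local path. The path pattern itself is an assumption
# for illustration: it accepts "/something" but not "//host" or "/\host".

# Weak form: line anchors.
LINE_ANCHORED   = %r{^/[^/\\].*$}
# Mitigated form: string anchors.
STRING_ANCHORED = %r{\A/[^/\\].*\z}

def local_path_line_anchored?(value)
  value.match?(LINE_ANCHORED)
end

def local_path_string_anchored?(value)
  value.match?(STRING_ANCHORED)
end

# Hardened check (hypothetical helper): string anchors plus an explicit
# rejection of control characters, so a CR/LF never reaches a Location
# header even if the path regex were later loosened.
def safe_redirect_path(value)
  return nil if value.nil? || value.match?(/[[:cntrl:]]/)
  return nil unless local_path_string_anchored?(value)

  value
end

if __FILE__ == $PROGRAM_NAME
  # Constructed attacker value: a protocol-relative URL on the first line,
  # a plausible local path on the second.
  crafted = "//evil.example\n/projects/1"
  puts "line-anchored accepts crafted value:   #{local_path_line_anchored?(crafted)}"
  puts "string-anchored accepts crafted value: #{local_path_string_anchored?(crafted)}"
  puts "safe_redirect_path('/projects/1') => #{safe_redirect_path('/projects/1').inspect}"
end
```

Run it with `ruby` to see the line-anchored check accept the two-line value (it matches the second line) while the string-anchored check rejects it. The control-character rejection is belt-and-braces: it is independent of the path pattern, so a later relaxation of the regex cannot reopen header injection.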
-
GitLab Release Tools Bot authored
Filter out search results based on permissions to avoid bugs leaking data See merge request gitlab/gitlabhq!3493
-
GitLab Release Tools Bot authored
Return 404 on LFS request if project doesn't exist See merge request gitlab/gitlabhq!3505
-
- 28 Oct, 2019 1 commit
-
-
GitLab Release Tools Bot authored
[ci skip]
-
- 25 Oct, 2019 1 commit
-
-
Igor Drozdov authored
-
- 24 Oct, 2019 9 commits
-
-
GitLab Bot authored
-
GitLab Bot authored
-
GitLab Bot authored
-
Bob Van Landuyt authored
When a user updates a merge request coming from a fork, they should not be able to set `force_remove_source_branch` if they cannot push code to the source project. Otherwise developers of the target project could remove the source branch of the source project by setting this flag through the API.
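The rule in the commit message above (a flag that acts on the source project must be gated on permission in the source project, not the target) is a general server-side parameter-filtering pattern. The following is an added example, not GitLab's own code; `Project`, its `can_push?` check and `allowed_merge_params` are hypothetical stand-ins for the real models and service.

```ruby
# Added example, not GitLab's own code: filtering a merge-request update so
# that `force_remove_source_branch` is only kept when the acting user can push
# to the SOURCE project. A developer of the target project who cannot push to
# the fork must not be able to delete the fork's branch through this flag.
# Project and the string user names are hypothetical stand-ins.

Project = Struct.new(:path, :pushers) do
  # Hypothetical permission check: who may push code to this project.
  def can_push?(user)
    pushers.include?(user)
  end
end

# Parameters that act on the source project rather than on the merge request.
SOURCE_PROJECT_PARAMS = %i[force_remove_source_branch].freeze

# Returns only the parameters `user` is allowed to apply to a merge request
# whose source is `source_project`. Disallowed keys are dropped rather than
# raising, mirroring "only assign merge params when allowed". String and
# symbol keys are both accepted, as API payloads arrive either way.
def allowed_merge_params(params, user, source_project)
  params.reject do |key, _value|
    SOURCE_PROJECT_PARAMS.include?(key.to_sym) && !source_project.can_push?(user)
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed fixtures: alice owns the fork, bob develops upstream only.
  fork     = Project.new('alice/app', %w[alice])
  upstream = Project.new('org/app',   %w[bob])
  request  = { title: 'Fix parser', force_remove_source_branch: true }

  puts "bob can push upstream: #{upstream.can_push?('bob')}, to fork: #{fork.can_push?('bob')}"
  p allowed_merge_params(request, 'bob',   fork)  # flag dropped
  p allowed_merge_params(request, 'alice', fork)  # flag kept
end
```

The check is keyed on the source project deliberately: bob's developer role on the target is irrelevant to whether he may delete a branch in alice's fork, which is exactly the confusion the fix closes.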
-
Eugenia Grieff authored
-
GitLab Bot authored
-
GitLab Bot authored
-
GitLab Bot authored
-
GitLab Bot authored
-
- 23 Oct, 2019 11 commits
-
-
GitLab Bot authored
-
Eugenia Grieff authored
- Include new types in SystemNoteMetadata
- Add Label and Milestone reference_pattern to Mentionable::ReferenceRegexes to be checked for cross references
-
GitLab Bot authored
-
GitLab Bot authored
-
GitLab Bot authored
-
GitLab Bot authored
-
GitLab Bot authored
-
GitLab Bot authored
-
Dylan Griffith authored
This will be used later for search filtering.
-
Dylan Griffith authored
This is to be more consistent as there is already a :read_note policy in NotePolicy. To keep other behaviour the same we've introduced a Note#noteable_ability_name that is used anywhere this was expected.
-
GitLab Bot authored
-
- 22 Oct, 2019 7 commits
-
-
Luke Duncalfe authored
Previously, when the wiki page format was anything other than `markdown` or `asciidoc` the formatted content would be returned through a Gitaly call. Gitaly in turn would delegate formatting to the gitlab-gollum-lib gem, which in turn would delegate that to various gems (like RDoc for `rdoc`) and then apply some very liberal sanitization. It was too liberal! This change brings our wiki content formatting in line with how we format other markdown at GitLab, so we have a SSOT for sanitization. https://gitlab.com/gitlab-org/gitlab/issues/30540
-
GitLab Bot authored
-
GitLab Bot authored
-
Eugenia Grieff authored
Use project scopes to filter project labels
Add changelog file
Check issuables visibility in LabelsFinder
Add specs for issuables visibility cases
Rename Project method to reuse in LabelsFinder
Remove commented code
Improve changelog title
-
GitLab Bot authored
-
GitLab Bot authored
-
GitLab Release Tools Bot authored
-